Remove resetToken and password from User global

Postleaf · May 25, 2017 · ab497f7 · ab497f7
1 parent 876c264
commit ab497f7
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/source/models/user_model.js b/source/models/user_model.js
@@ -141,6 +141,7 @@ module.exports = (sequelize, DataTypes) => {
             // Fetch the user
             user
               .findOne({
+                attributes: { exclude: ['resetToken'] },
                 where: {
                   id: decoded.data.id
                 }
@@ -161,6 +162,9 @@ module.exports = (sequelize, DataTypes) => {
                   reject(new Error('Invalid auth token.'));
                 }
 
+                // Remove password
+                user.password = undefined;
+
                 return resolve(user);
               })
               .catch(() => reject(new Error('Error fetching user from the database.')));